Schlepping Through Cybersecurity Hiring

For cybersecurity workforce hiring in state governments, it’s hurdle upon hurdle. The challenges keep emerging, and states have to constantly keep up with the difficult terrain.

The National Association of State Chief Information Officers (NASCIO) recently released a study on the challenges facing state government IT workforces. The report highlights findings from survey data collected from forty-nine states and territories, and provides recommendations for state CIOs in countering some of their unique challenges.

Srini Subramanian, Leader of Risk Advisory Services for State Government Sector and Principal of Cyber Risk Practice at Deloitte, spoke with Christopher Dorobek for the podcast DorobekINSIDER, highlighting some of the most important discoveries made by NASCIO.

According to Subramanian, the problem of attracting and retaining cybersecurity professionals is enormous for states – the report even labeled the issue ‘crisis-level’. But why?

To begin, there’s a great deal of demand for cyber experts across sectors, and state governments are competing with more attractive contenders to snatch up the best talent.

State governments have to compete with private sector companies, which can offer much higher salaries and more alluring HR structures. “State governments are particularly at a disadvantage, not only because of their ability to be nimble in the human services, in setting a clear path for growth, [but also] to be able to pay competitive salaries,” said Subramanian.

And it’s not a slight discrepancy between private and public sector salaries. According to Subramanian, private companies tend to compensate their employees at twice or triple the rate of state government cybersecurity salaries. “It’s clearly not a race that the states can win with private sector,” he explained.

In fact, states are under pressure not to provide competitive benefits. Previously, comprehensive benefits packages and job security were factors drawing cybersecurity workers to government, but that is less the case now. According to Subramanian, “There’s been a lot of criticism that states are offering too much in terms of benefits packages, so a lot of states are rolling those back. And, government jobs aren’t quite the secure place they once were.”

On top of competing with the private sector, state governments must compete with the federal government to attract cyber talent. According to Subramanian, the location of most states’ capitals is a strike against them for cybersecurity workers looking for jobs. Apparently, most people would rather live in the nation’s capital than a state capital.

Despite these challenges, there are still ways for state governments to gain access to some talent. Here are a couple of NASCIO’s recommendations, as given to us by Subramanian:

Cross-train the existing workforce. This is attractive to the workers themselves as well, because adding cybersecurity training as a line to their resume is a huge incentive to participate.

Develop relationships with universities. States should hire workers straight out of school, and get as much as possible from them, fully understanding that the private sector will lure them away eventually.

“Start bringing in a new workforce on a continual basis, train them, and clearly expect to see a majority of those people leaving for perhaps better jobs in 2-5 years’ time,” he suggested. “But we’re fine with that, because they’re going to be better citizens of the state.”

Finally, states should work to understand their IT workforce challenges by doing regular assessments such as NASCIO’s. “Once you assess and understand some of the challenges, then it is easy to put together a roadmap and prioritize,” he said.

So, cybersecurity hiring for state governments isn’t a totally lost cause. It’s certainly an uphill struggle, and being aware of the challenges around and ahead can prepare states to innovate and improve their cybersecurity workforce standing as best they can.